> > OK, if the user is a direct member of the groups and the groups are all > POSIX (=they all have a GID), then I would expect the group membership > to show all users. > > Can you try setting ldap_deref_threshold=0 and re-running the test? It > would also be best if you could remove the sssd cache first.
Ok, I added that into a [povider/ldap] block, but no change to the behaviour. I even cleared cache, rebooted, and tried again just for a bit of overkill. ipausers isn't a posix group, but the rest are. I removed ipausers for that user to make sure that wasn't causing an issue. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
